[Digital Business Africa] – Present in Africa for more than 20 years, Kaspersky now relies on local technical and commercial teams that support SMEs and their African partners daily, in a context where threats and solutions are constantly evolving.
This is what Pascal Naudin, Head of B2B – Morocco, Tunisia, West & Central Africa at Kaspersky, explains in this interview with Digital Business Africa. He also outlines the main obstacles preventing African SMEs from implementing adequate protection and presents Kaspersky’s appropriate solutions.
Digital Business Africa: Why do cybersecurity strategies in African SMEs often remain theoretical rather than operational?
Pascal Naudin: Many SMEs, in Africa as elsewhere, assume that their size naturally protects them from cyberattacks. This perception leads them to treat cybersecurity as a secondary issue, often limited to basic measures such as protecting workstations and servers.
Cyber threats are still too often associated solely with viruses. In this context, SMEs turn to consumer‑grade solutions designed for individual use. While these tools may be sufficient for isolated devices, they become inadequate once systems are interconnected within a corporate network. At that point, the attack surface increases significantly and requires a much more structured approach.
Digital Business Africa: What are the main obstacles preventing SMEs from implementing adequate protection?
Pascal Naudin: An SME’s priority remains its operational activity: producing, selling, invoicing, managing inventory, logistics, or customer relations. Immediate economic considerations, therefore, guide decisions, and cybersecurity is often perceived as a cost with no visible short‑term return on investment.
Yet cybersecurity is inherently constantly evolving. Solutions must be regularly updated, monitored, and adjusted. Many SMEs lack both the financial resources and the internal expertise to hire a full‑time IT specialist, which significantly slows the transition to truly operational protection.
Digital Business Africa: What operational weaknesses do you most often observe in African SMEs?
Pascal Naudin: It is primarily an underestimation of risk rather than a lack of professionalism. Most SMEs are not fully aware of the intensity of cyber threats or their potential consequences. Physical security of premises or protection of paper documents is well understood, but digital risk remains abstract until an incident occurs.
In this context, cybersecurity investments are still seen as constraints rather than strategic priorities. This situation is exacerbated by a local shortage of cybersecurity skills, making securing information systems particularly complex without external support.
Digital Business Africa: Can you share real‑world situations that illustrate these vulnerabilities?
Pascal Naudin: There are many cases. Some SMEs, for example, continue to use security solutions with expired licenses, leaving them without adequate protection—sometimes without even realizing it.
In other situations, consumer‑grade security solutions are installed individually on each workstation, with no coordination or overall visibility. These tools may be suitable for personal use, but they are ineffective against threats that can silently spread across an entire professional IT environment.
Digital Business Africa: How can SMEs move from theoretical cybersecurity to absolute, adequate protection?
Pascal Naudin: The first step is recognizing that digitalization is no longer a project but a reality. Invoices, emails, appointments, and professional exchanges now rely heavily on digital channels. In this context, any device—computer or smartphone—can serve as an entry point for an attack.
There are now solutions tailored to each company’s size and maturity, capable of operating in an interconnected manner. But one of the simplest and most effective levers remains user awareness. Since users are the primary targets of phishing attacks, regular awareness campaigns significantly reduce the attack surface and incident risk.
Digital Business Africa: How does the transition from EDR to XDR represent progress for SMEs?
Pascal Naudin: A few years ago, an antivirus was enough to create a sense of security. Today, attacks are more sophisticated, stealthier, and harder to detect. EDR solutions already represent a significant step forward in addressing next‑generation threats.
XDR goes further by expanding the analysis perimeter beyond workstations to include network traffic and cloud environments. Thanks to AI‑based technologies, Kaspersky’s XDR solution provides a comprehensive view of multi‑vector attacks and enables much more coherent detection and response.
Digital Business Africa: What role does employee awareness play in reducing cyber risks?
Pascal Naudin: The user must become the company’s first line of defense. A structured awareness program can reduce attack propagation by up to 80%. Cybersecurity, therefore, does not rely solely on technological tools but on a shared culture supported by top management.
In practice, training modules teach employees to recognize phishing emails and social engineering attempts. A single click can be enough to trigger major attacks, such as ransomware or data theft, without the user’s knowledge.
Digital Business Africa: Why is support from technology partners like Kaspersky essential for African SMEs?
Pascal Naudin: Faced with increasingly sophisticated cyber threats, isolation is no longer an option. Cybersecurity relies on the sharing of expertise and cooperation among stakeholders.
Kaspersky’s partner network plays a key role in this approach. Regularly trained, these partners ensure deployments adhere to best practices. Present in Africa for more than twenty years, Kaspersky now relies on local technical and commercial teams who support SMEs and their partners daily, in a context where threats and solutions are constantly evolving.
Interview by Beaugas – Orain DJOYUM
